--- a/src/java.base/share/conf/security/java.security Tue Jan 22 03:32:47 2019 -0800
+++ b/src/java.base/share/conf/security/java.security Tue Jan 22 19:56:19 2019 +0100
@@ -1167,8 +1167,15 @@
# of which represents a policy for determining if a CA should be distrusted.
# The supported values are:
#
-# SYMANTEC_TLS : Distrust TLS Server certificates anchored by
-# a Symantec root CA and issued after April 16, 2019.
+# SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec
+# root CA and issued after April 16, 2019 unless issued by one of the
+# following subordinate CAs which have a later distrust date:
+# 1. Apple IST CA 2 - G1, SHA-256 fingerprint:
+# AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B
+# Distrust after December 31, 2019.
+# 2. Apple IST CA 8 - G1, SHA-256 fingerprint:
+# A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED
+# Distrust after December 31, 2019.
#
# Leading and trailing whitespace surrounding each value are ignored.
# Unknown values are ignored. If the property is commented out or set to the
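Review bot: In the two subordinate-CA entries of the SYMANTEC_TLS comment, "Distrust after December 31, 2019." does not say whether the date refers to when the leaf certificate was issued or to when it is validated, while the general rule directly above says "issued after April 16, 2019". Suggest matching that wording, for example "Distrust if issued after December 31, 2019", so an administrator reading java.security can tell whether a certificate already issued by these CAs keeps validating past that date. It would also help to say what the SHA-256 fingerprint is computed over (presumably the subordinate CA certificate), since the comment lists it after the CA name without stating what is hashed.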